- Mozilla warns its developer community of an ongoing attack
- The attackers want to access developers' accounts
- Tainting browser add-ons with malware could be the endgame here
Mozilla is warning its developer community that they risk being targeted by new, sneaky phishing attacks, urging them to “exercise extreme caution and scrutiny” when receiving emails claiming to come from Mozilla or AMO (addons.mozilla.org).
“Phishing emails typically state some variation of the message ‘Your Mozilla Add-ons account requires an update to continue accessing developer features,’” the company said in its description of what targets could expect.
The company did not say who the threat actors are, what they are trying to achieve, or how successful they have been. However, since browser add-on developers are being targeted, it is prudent to assume that the miscreants are looking for a way to compromise products with malicious software.
Supply chain attacks
Browser add-ons are small programs that add features or functions to a web browser, and users generally install them to personalize or improve their browsing experience.
Some of the most popular add-ons include ad blockers, spelling and grammar checkers, password managers, screenshot tools, and VPNs or privacy tools.
By tainting these products with malware, cybercriminals can engage in supply chain attacks and gain access to people's bank accounts, social media accounts, cryptocurrency tokens and NFTs, passwords, session cookies, and more.
It is also a common attack vector. Less than a month ago, it was reported that numerous Chrome and Edge add-ons, including several prominent products, were found to be spying on users and communicating with a third-party server.
At the time, security researchers at Koi Security reported that an apparently benign Chrome add-on called “Color Picker, Eyedropper – Geco colorpick”, which lets users quickly identify and copy color codes from anywhere in their browser, was secretly malware.
While working as advertised and having thousands of downloads and positive reviews, the add-on also did something in the background: it hijacked browser activity, tracked the websites users visited, and communicated with a remote C2 infrastructure.
This discovery led them to uncover an entire network of add-ons, all doing similar things.
Via The Register